Hi: [QEMU] usb-uhci: Data buffer is too small
The data buffer is only 1280 bytes long but the user-supplied length can be as large as 0x7ff. This patch extends the buffer to 2048 bytes. Signed-off-by: Herbert Xu <[EMAIL PROTECTED]> Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- diff -r 463bda167715 tools/ioemu/hw/usb-uhci.c --- a/tools/ioemu/hw/usb-uhci.c Wed Nov 29 12:43:11 2006 +0000 +++ b/tools/ioemu/hw/usb-uhci.c Thu Nov 30 16:38:40 2006 +1100 @@ -421,7 +421,7 @@ static int uhci_handle_td(UHCIState *s, static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask) { uint8_t pid; - uint8_t buf[1280]; + uint8_t buf[2048]; int len, max_len, err, ret; if (td->ctrl & TD_CTRL_IOC) { _______________________________________________ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
